WO2006076382A3 - Method and apparatus providing policy-based revocation of network security credentials - Google Patents

Info

Publication number
WO2006076382A3
Authority
WO
WIPO (PCT)
Prior art keywords
attributes
network
network security
credential
credentials
Prior art date
Application number
PCT/US2006/000865
Other languages
French (fr)
Other versions
WO2006076382A2 (en)
Inventor
Joseph Salowey
Original Assignee
Cisco Tech Inc
Joseph Salowey
Priority date
Filing date
Publication date
Application filed by Cisco Tech Inc, Joseph Salowey
Priority to CN200680001894XA (CN101208685B)
Priority to EP06717996.0A (EP1836798A4)
Publication of WO2006076382A2
Publication of WO2006076382A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

A method for policy-based revocation of network security credentials comprises receiving and storing one or more credential revocation rules, wherein each of the credential revocation rules specifies one or more first attributes and first values of the first attributes, associated with one or more credentials to be revoked; receiving and storing one or more network credentials, wherein each of the network credentials comprises one or more second attributes and second values of the second attributes; and when second values of one or more second attributes of a particular network credential among the one or more network credentials match first values of one or more first attributes of one of the credential revocation rules, determining that the particular network credential is invalid, and performing a responsive action.
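
The matching step the abstract describes, as an added example (not code from the patent or from the applicant). The attribute names, the action labels, the sample data and the choice that a rule matches only when every attribute it names is present with an equal, case-insensitive value are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class RevocationRule:
    name: str
    attributes: dict          # "first attributes" mapped to "first values"
    action: str = "deny"      # responsive action label (hypothetical)

def _norm(value):
    # Assumption: values compare case-insensitively after trimming.
    return str(value).strip().lower()

def rule_matches(rule, credential):
    # An empty rule would otherwise match, and revoke, every credential.
    if not rule.attributes:
        return False
    # Assumption: all attributes named by the rule must match (conjunction);
    # an attribute missing from the credential never matches.
    return all(
        attr in credential and _norm(credential[attr]) == _norm(val)
        for attr, val in rule.attributes.items()
    )

def evaluate(credential, rules):
    """Return (valid, matched_rule_name, action) for one stored credential."""
    for rule in rules:
        if rule_matches(rule, credential):
            return (False, rule.name, rule.action)
    return (True, None, None)

# Constructed sample rules and credentials (not taken from the patent).
RULES = [
    RevocationRule("compromised-ca", {"issuer": "CN=Example Lab CA 2"}, "deny-and-log"),
    RevocationRule("weak-contractor-keys", {"ou": "contractors", "key_alg": "rsa-1024"}),
    RevocationRule("empty-rule", {}),
]
CREDENTIALS = [
    {"subject": "CN=sw1", "issuer": "cn=example lab ca 2", "ou": "netops"},
    {"subject": "CN=vpn7", "issuer": "CN=Example Root", "ou": "Contractors", "key_alg": "RSA-1024"},
    {"subject": "CN=alice", "issuer": "CN=Example Root", "ou": "contractors", "key_alg": "rsa-2048"},
    {"subject": "CN=bob", "issuer": "CN=Example Root"},
]

if __name__ == "__main__":
    for cred in CREDENTIALS:
        print(cred["subject"], evaluate(cred, RULES))
```

A single rule such as `compromised-ca` invalidates every credential from that issuer without listing each one, which is the contrast with per-credential revocation lists.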
PCT/US2006/000865 2005-01-11 2006-01-10 Method and apparatus providing policy-based revocation of network security credentials WO2006076382A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200680001894XA CN101208685B (en) 2005-01-11 2006-01-10 Method and apparatus providing policy-based revocation of network security credentials
EP06717996.0A EP1836798A4 (en) 2005-01-11 2006-01-10 Method and apparatus providing policy-based revocation of network security credentials

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/034,346 2005-01-11
US11/034,346 US20060156391A1 (en) 2005-01-11 2005-01-11 Method and apparatus providing policy-based revocation of network security credentials

Publications (2)

Publication Number Publication Date
WO2006076382A2 WO2006076382A2 (en) 2006-07-20
WO2006076382A3 WO2006076382A3 (en) 2007-11-01

Family

ID=36654878

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/000865 WO2006076382A2 (en) 2005-01-11 2006-01-10 Method and apparatus providing policy-based revocation of network security credentials

Country Status (4)

Country Link
US (1) US20060156391A1 (en)
EP (1) EP1836798A4 (en)
CN (1) CN101208685B (en)
WO (1) WO2006076382A2 (en)

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8099495B2 (en) 2005-12-29 2012-01-17 Intel Corporation Method, apparatus and system for platform identity binding in a network node
US8205238B2 (en) * 2006-03-30 2012-06-19 Intel Corporation Platform posture and policy information exchange method and apparatus
US8060931B2 (en) 2006-09-08 2011-11-15 Microsoft Corporation Security authorization queries
US20080065899A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Variable Expressions in Security Assertions
US20080066169A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Fact Qualifiers in Security Scenarios
US8201215B2 (en) * 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US20080066158A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Authorization Decisions with Principal Attributes
US7814534B2 (en) 2006-09-08 2010-10-12 Microsoft Corporation Auditing authorization decisions
US8095969B2 (en) * 2006-09-08 2012-01-10 Microsoft Corporation Security assertion revocation
US20080066147A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Composable Security Policies
US8656503B2 (en) * 2006-09-11 2014-02-18 Microsoft Corporation Security language translations with logic resolution
US8938783B2 (en) * 2006-09-11 2015-01-20 Microsoft Corporation Security language expressions for logic resolution
JP4502141B2 (en) * 2007-09-18 2010-07-14 富士ゼロックス株式会社 Information processing apparatus, information processing system, and information processing program
US8527771B2 (en) * 2007-10-18 2013-09-03 Sony Corporation Wireless video communication
EP2053531B1 (en) * 2007-10-25 2014-07-30 BlackBerry Limited Authentication certificate management for access to a wireless communication device
US8060920B2 (en) * 2008-06-20 2011-11-15 Microsoft Corporation Generating and changing credentials of a service account
FI20100057A0 (en) * 2010-02-12 2010-02-12 Notava Oy A method and system for creating a virtual device for redirecting data traffic
US8848919B2 (en) * 2011-06-17 2014-09-30 Assa Abloy Ab Revocation status using other credentials
US20130061281A1 (en) * 2011-09-02 2013-03-07 Barracuda Networks, Inc. System and Web Security Agent Method for Certificate Authority Reputation Enforcement
US9225743B1 (en) * 2012-04-12 2015-12-29 Symantec Corporation Automatic generation of policy from a group of SSL server certificates
US9391782B1 (en) * 2013-03-14 2016-07-12 Microstrategy Incorporated Validation of user credentials
US9298923B2 (en) * 2013-09-04 2016-03-29 Cisco Technology, Inc. Software revocation infrastructure
US9900774B2 (en) 2014-05-30 2018-02-20 Paypal, Inc. Shared network connection credentials on check-in at a user's home location
US9454773B2 (en) 2014-08-12 2016-09-27 Danal Inc. Aggregator system having a platform for engaging mobile device users
US9461983B2 (en) * 2014-08-12 2016-10-04 Danal Inc. Multi-dimensional framework for defining criteria that indicate when authentication should be revoked
US10154082B2 (en) 2014-08-12 2018-12-11 Danal Inc. Providing customer information obtained from a carrier system to a client device
US9906512B2 (en) * 2015-07-28 2018-02-27 International Business Machines Corporation Flexible revocation of credentials
US10560274B2 (en) 2016-06-09 2020-02-11 International Business Machines Corporation Credential-based authorization
US10389683B2 (en) * 2016-08-26 2019-08-20 International Business Machines Corporation Securing storage units in a dispersed storage network
US11025607B2 (en) * 2016-12-15 2021-06-01 At&T Mobility Ii Llc V2X certificate management
US10447470B2 (en) * 2017-10-04 2019-10-15 The Boeing Company Secure and disruption-tolerant communications for unmanned underwater vehicles
EP3832508B1 (en) * 2019-12-06 2024-01-24 Siemens Aktiengesellschaft Blocking or revoking a device certificate
EP3951516A1 (en) * 2020-08-04 2022-02-09 Siemens Aktiengesellschaft System and method for verifying components of an industrial control system
US11522863B2 (en) * 2020-10-29 2022-12-06 Shopify Inc. Method and system for managing resource access permissions within a computing environment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020099822A1 (en) * 2001-01-25 2002-07-25 Rubin Aviel D. Method and apparatus for on demand certificate revocation updates
US20020178361A1 (en) * 2001-05-24 2002-11-28 International Business Machines Corporation System and method for dynamically determining CRL locations and access methods
US20040064691A1 (en) * 2002-09-26 2004-04-01 International Business Machines Corporation Method and system for processing certificate revocation lists in an authorization system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2716323B1 (en) * 1994-02-14 1996-05-03 France Telecom Secure system for interconnecting local networks via a public transmission network.
US5699431A (en) * 1995-11-13 1997-12-16 Northern Telecom Limited Method for efficient management of certificate revocation lists and update information
US6748531B1 (en) * 2000-03-28 2004-06-08 Koninklijke Philips Electronics N.V Method and apparatus for confirming and revoking trust in a multi-level content distribution system
KR100731491B1 (en) * 2000-10-12 2007-06-21 주식회사 케이티 Method for managing dispersion certificate revocation list
US20020099668A1 (en) * 2001-01-22 2002-07-25 Sun Microsystems, Inc. Efficient revocation of registration authorities
DE10107437A1 (en) * 2001-02-16 2002-08-29 Siemens Ag display module
US7437551B2 (en) * 2004-04-02 2008-10-14 Microsoft Corporation Public key infrastructure scalability certificate revocation status validation

Also Published As

Publication number Publication date
US20060156391A1 (en) 2006-07-13
CN101208685A (en) 2008-06-25
EP1836798A2 (en) 2007-09-26
WO2006076382A2 (en) 2006-07-20
EP1836798A4 (en) 2013-08-07
CN101208685B (en) 2010-10-27

Similar Documents

Publication Publication Date Title
WO2006076382A3 (en) Method and apparatus providing policy-based revocation of network security credentials
WO2009088615A3 (en) Selective authorization based on authentication input attributes
WO2010118278A3 (en) Network security using trust validation
WO2009031112A3 (en) Node for a network and method for establishing a distributed security architecture for a network
WO2006113189A3 (en) Provisioning root keys
GB2425694B (en) A method and an apparatus for securely communicating between a management server and a managed node associated with a dynamic provisioning system
EP1879325A4 (en) Method and system for updating a secret key
PL1889503T3 (en) Method for agreeing on a security key between at least one first and one second communications station for securing a communications link
WO2009044174A3 (en) Authentication method and framework
WO2006107513A3 (en) Methods and systems for exchanging security information via peer-to-peer wireless networks
WO2005074472A3 (en) Methods and system for creating and managing identity oriented networked communication
WO2012044855A3 (en) Secure multi-party communication with quantum key distribution managed by trusted authority
WO2007127637A3 (en) Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices
WO2010017025A3 (en) Secure resource name resolution
WO2011043903A3 (en) Network access control
WO2006130616A3 (en) Augmented single factor split key asymmetric cryptography-key generation and distributor
WO2007003997A3 (en) Using one-time passwords with single sign-on authentication
WO2011094096A3 (en) Establishing, at least in part, secure communication channel between nodes so as to permit inspection, at least in part, of encrypted communication carried out, at least in part, between the nodes
WO2009007985A3 (en) Identity and policy-based network security and management system and method
WO2005089120A3 (en) Secure authentication and network management system for wireless lan applications
WO2009110703A3 (en) Authentication information management method in home network and an apparatus therefor
WO2007070273A3 (en) Method and apparatus for selecting a codec in a packet-switched communication network
WO2009120771A3 (en) Accessing secure network resources
WO2008132821A1 (en) Security gateway system and its method and program
WO2006113885A3 (en) Apparatus and method for network identification among multiple applications

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200680001894.X

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 3289/DELNP/2007

Country of ref document: IN

REEP Request for entry into the european phase

Ref document number: 2006717996

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006717996

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE